Pdf Password Remove Github

1 view
Skip to first unread message

Shari Alvine

unread,
Aug 5, 2024, 2:40:38 AM8/5/24
to ittilassu
TheGit credential cache runs a daemon process which caches your credentials in memory and hands them out on demand. So killing your git-credential-cache--daemon process throws all these away and results in re-prompting you for your password if you continue to use this as the cache.helper option.

You could also disable use of the Git credential cache using git config --global --unset credential.helper. Then reset this, and you would continue to have the cached credentials available for other repositories (if any). You may also need to do git config --system --unset credential.helper if this has been set in the system configuration file (for example, Git for Windows 2).


On Windows you might be better off using the manager helper (git config --global credential.helper manager). This stores your credentials in the Windows credential store which has a Control Panel interface where you can delete or edit your stored credentials. With this store, your details are secured by your Windows login and can persist over multiple sessions. The manager helper included in Git for Windows 2.x has replaced the earlier wincred helper that was added in Git for Windows 1.8.1.1. A similar helper called winstore is also available online and was used with GitExtensions as it offers a more GUI driven interface. The manager helper offers the same GUI interface as winstore.


Go to Control Panel > User Accounts > Credential Manager > Windows Credentials. You will see Git credentials in the list (e.g. git:). Click on it, update the password, and execute git pull/push command from your Git bash and it won't throw any more error messages.


Using latest version of git for Windows on Windows 10 Professional and I had a similar issue whereby I have two different GitHub accounts and also a Bitbucket account so things got a bit confusing for VS2017, git extensions and git bash.


I found the entry Credential Manager so I clicked on the START button > typed Credential Manager to and left-clicked on the credential manager yellow safe icon which launched the app. I then clicked on the Windows Credentials tabs and found the entry for my current git account which happened to be Bit-bucket so I deleted this account.


But this didn't do the trick so the next step was to unset the credentials and I did this from the repository directory on my laptop that contains the GitHub project I am trying to push to the remote. I typed the following command:


I am not sure how much of an issue this is going forward most people probably work off the one repository but I have to work across several and using different providers so may encounter this issue again.


What finally fixed this for me was to use GitHub desktop, go to repository settings, and remove user:pass@ from the repository url. Then, I attempted a push from the command line and was prompted for login credentials. After I put those in everything went back to normal. Both Visual Studio and command line are working, and of course, GitHub desktop.


Although the title says "Remove credentials", the description leads me to the assumption that you may have multiple accounts on GitHub, e.g. for job-related vs. private projects. (At least that issue made me find this topic.)If so read on, otherwise, ignore the answer, but it may come in handy at some time.


Git Credential Managers (short GCM) like Microsoft's GCM for Windows store credentials per host by default.This can be verified by checking the Windows Credential Manager (see other answers on how to access it on English, French, and German Windows versions).So working with multiple accounts on the same host (here github.com) is not possible by default.


Configure git to include the full path to the repository as additional information for each credential entry. Also documented on GCM for Windows.

I personally prefer to include the HTTP(S) [repository] path to be able to use a separate account for each and every repository.


When altering your repository's history using tools like git filter-repo or the BFG Repo-Cleaner, it's crucial to understand the implications, especially regarding open pull requests and sensitive data.


The git filter-repo tool and the BFG Repo-Cleaner rewrite your repository's history, which changes the SHAs for existing commits that you alter and any dependent commits. Changed commit SHAs may affect open pull requests in your repository. We recommend merging or closing all open pull requests before removing files from your repository.


You cannot remove sensitive data from other users' clones of your repository, but you can permanently remove cached views and references to the sensitive data in pull requests on GitHub by contacting us through the GitHub Support portal.


Once you have pushed a commit to GitHub, you should consider any sensitive data in the commit compromised. If you have committed a password, you should change it. If you have committed a key, generate a new one.


If the commit that introduced the sensitive data exists in any forks, it will continue to be accessible there. You will need to coordinate with the owners of the forks, asking them to remove the sensitive data or delete the fork entirely. GitHub cannot provide contact information for these owners.


After the sensitive data is removed, you must force push your changes to GitHub. Force pushing rewrites the repository history, which removes sensitive data from the commit history. If you force push, it may overwrite commits that other people have based their work on.


If you run git filter-repo after stashing changes, you won't be able to retrieve your changes with other stash commands. Before running git filter-repo, we recommend unstashing any changes you've made. To unstash the last set of changes you've stashed, run git stash show -p git apply -R. For more information, see Git Tools - Stashing and Cleaning.


To illustrate how git filter-repo works, we'll show you how to remove your file with sensitive data from the history of your repository and add it to .gitignore to ensure that it is not accidentally re-committed.


Install the latest release of the git filter-repo tool. You can install git-filter-repo manually or by using a package manager. For example, to install the tool with HomeBrew, use the brew install command.


The git filter-repo tool will automatically remove your configured remotes. Use the git remote set-url command to restore your remotes, replacing OWNER and REPO with your repository details. For more information, see "Managing remote repositories."


Once you're happy with the state of your repository, and you have set the appropriate remote, force-push your local changes to overwrite your repository on GitHub.com, as well as all the branches you've pushed up. A force push is required to remove sensitive data from your commit history.


Contact us through the GitHub Support portal, and ask to remove cached views and references to the sensitive data in pull requests on GitHub. Please provide the name of the repository and/or a link to the commit you need removed.


Tell your collaborators to rebase, not merge, any branches they created off of your old (tainted) repository history. One merge commit could reintroduce some or all of the tainted history that you just went to the trouble of purging.


If you used the BFG tool, after rewriting, you can clean up references in your local repository to the old history to be dereferenced and garbage collected with the following commands (using Git 1.8.5 or newer):


Preventing contributors from making accidental commits can help you prevent sensitive information from being exposed. For more information see "Best practices for preventing data leaks in your organization."


From 2021-08-13, GitHub is no longer accepting account passwords when authenticating Git operations. You need to add a PAT (Personal Access Token) instead, and you can follow the below method to add a PAT on your system.


For those who don't have this entry: it could be made. one way to do it is- to clone a project. then it will ask for your username and password. instead of password give it the token and then the entry would be made.


GitHub has made changes in password authentication. If you are trying to access Git by username and password then it does not allow you. So use a personal access token instead of a password to access Git everywhere.


It will show all generic credentials. Find your GitHub URL and click on that. Now click on the edit button. And then add the personal access token generated from GitHub into the password field. And click on the Save button.


This message means that you're using a password instead of a personal access token to access GitHub over HTTPS, and that's no longer allowed. GitHub has disabled password authentication because it's common for people to accidentally leak their passwords, and while a personal access token can be restricted to limit the damage, a password cannot.


Then, the next time you try to push or pull, Git will prompt you for a username and password. For the username, enter your GitHub username, and for the password, generate a new personal access token on the appropriate settings page and paste it into the password field. If you're working from the command line, you may not see any indication that the password was successfully pasted; this is normal, so just hit Enter afterwards.


That will save the personal access token in your credential manager for the next time, assuming you have one set up. If you're not sure if you have one set up, run git config credential.helper and see if it outputs anything.


After this step, run the command again for pull/push in the terminal. GitHub will ask to log in with your default browser automatically (make sure you are logged in with GitHub in the default browser).


If the repository is part of an organization, you will also need to sign in to that organization with your personal access token so that the organization will recognize it. If you're already signed in, sign out first.

3a8082e126
Reply all
Reply to author
Forward
0 new messages